Recent years have seen headline after headline about massive thefts of user data, including passwords, email addresses, and personal data. Anthem (80M accounts compromised), LinkedIn (117M), and Yahoo (1B) are just a few examples. Attackers are monetizing these accounts and credentials to harvest gift card, purchases and commit fraud on behalf of users, and resell credentials on the dark web. The losses from Account Takeover (ATO) in the US alone were estimated at $2.3 billion in 2016, up 61%.
Armed with databases of users credentials and distributed automated tools, attackers are unleashing massive advanced ATO attacks. These attacks quickly pass traditional security methods like Web Application Firewall (WAF), rate limiting, and IP reputation based detections. In this webinar, based on actual large scale attacks detected by PerimeterX, we present different advanced methods used by attackers to bypass existing protections. , and discuss new ways to detect and fight Account takeover attacks.